Sophos has recently released Firewall OS v21 MR1, which introduces a multitude of enhancements aimed at improving scalability, resiliency, and stability for Sophos Firewall users. The latest update brings several new features and improvements that aim to enhance the overall performance and security of the firewall.
One of the key highlights of the v21 MR1 update is the support for SSL VPN with key sizes of 3072 or 4096 bits for the Diffie-Hellman key exchange. This enhancement aims to provide users with a more secure communication channel and ensure compliance with industry standards. Additionally, the update includes enhanced UDP-based SSLVPN tunnel resiliency, achieved through a granular dead peer detection timeout configuration.
The update also includes improvements to IPsec VPN, specifically focusing on improving stability for offloaded policy-based VPN IPsec traffic. This helps eliminate slow browsing issues that users may have experienced in the past. Another notable addition is the NAT64 feature, which allows IPv6-only clients to access IPv4 websites through an explicit proxy. The update also adds support for an IPv4 upstream proxy for IPv6-only clients, further enhancing connectivity options for users.
Furthermore, the v21 MR1 update implements added resiliency to the DHCP service, ensuring that it auto-restores if it encounters an error state. This helps prevent any disruptions to network services and ensures that users can continue to access the internet seamlessly.
In terms of network connectivity, the update offers enhanced cellular WAN monitoring by automatically setting “8.8.8.8” as the second probe target. This improvement addresses the issue of ISPs blocking gateway pings, reducing the need for manual configuration and providing users with a more reliable network connection. Additionally, SD-RED devices now support remote troubleshooting and diagnostics by Sophos Support, further enhancing the overall support experience for users.
Sophos Firewall OS v21 MR1 is a free upgrade for all licensed Sophos Firewall customers, including XGS Series, cloud, virtual, and software firewalls. However, it is important to note that XG Series devices are soon to be end-of-life and need to be upgraded to XGS Series devices immediately, as they are not supported by v21 or v21 MR1.
Users can manually download the SFOS v21 MR1 firmware from Sophos Central and update at any time, or wait for the update to be rolled out to all connected devices over the coming weeks. A notification will appear on the local device or Sophos Central management console when the update is available, allowing users to schedule the update at their convenience.
It is recommended that users update their Sophos Firewall firmware at their earliest opportunity to take advantage of the latest enhancements and security improvements. Sophos Firewall OS v21 MR1 is a fully supported upgrade from all previous versions of v21, v20, v19.5, and v19.0, and users can refer to the Upgrade Information tab in the release notes for more details.
Comprehensive product documentation for Sophos Firewall OS v21 MR1 is available online and within the product itself, providing users with detailed information on how to navigate and utilize the new features and improvements. Overall, the latest update aims to provide users with a more robust and secure firewall experience, ensuring that their networks remain protected and efficient.